EQC Liquidating Trust 10-K Cybersecurity GRC - 2025-10-21

Page last updated on October 21, 2025

EQC Liquidating Trust reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-10-21 06:52:04 EDT.

Filings

10-K filed on 2025-10-21

EQC Liquidating Trust filed a 10-K at 2025-10-21 06:52:04 EDT
Accession Number: 0000803649-25-000068

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. EQC and EQC LT maintained a cybersecurity program focused on preventing, identifying and mitigating applicable cyber threats. Risk Management and Strategy A number of cybersecurity measures were employed to reduce the likelihood that cybersecurity incidents would materialize, including: (i) employing a variety of reputable and recognized hardware, software and other security measures in 2 the design and maintenance of our information technology and data security systems; (ii) conducting periodic testing and verification of information and data security systems, including engaging third-party assessors to perform penetration testing of our systems to identify vulnerabilities; (iii) confirming with our critical vendors whether they experienced cyber breaches of their IT systems or otherwise involving Company information; (iv) verifying third-party IT system integrity through a review of System and Organization ("SOC") audit review reports provided by certain of our vendors ; and (v) providing periodic employee security awareness training relating to phishing and other scams, malware and various cyber-related risks. We also engaged third-party vendors to assist with incident detection and monitoring and to implement and maintain other cybersecurity measures specific to our operations and portfolio properties. We also created and maintained processes that provided a playbook in the event of a cyber incident. These processes provided assessment and response tools designed to mitigate damage from attacks and integrate third-party digital forensics, legal providers and law enforcement as part of the response plan. We also instituted a variety of safeguards to counter ransomware threats. We integrated our cybersecurity program into our overall risk management processes by instituting corporate measures and protocols to ensure ongoing operations in the event of a disaster or major business disruption affecting the corporate headquarters, infrastructure or key personnel. Our employee guidelines also addressed employee computer usage, including a variety of restrictions and protocols intended to enhance cybersecurity and reduce the risk of a successful cyber-attack. Material Effects from Risks of Cybersecurity Threats We do not believe any risks from cybersecurity threats, including any past cybersecurity incidents, have materially affected the Company, including our business strategy, results of operations or financial condition. Trustee Oversight Senior personnel from our IT department managed our cybersecurity program on a day-to-day basis. For EQC, o ur Board of Trustees oversaw our IT department's management of our cybersecurity program through its Audit Committee. For EQC LT, our Trustees oversaw our IT department's management of our cybersecurity program. Through our policies, plans, guidelines, processes and other communications, any material cybersecurity incident would have been reported to our executive officers, as well as to the Audit Committee and/or the Board of the Company, and to the Trustees of EQC LT. Management Oversight Our cybersecurity program was managed on a day-to-day basis by our IT department, which was led by our SVP - Information Technology, who has a Master of Business Administration degree and a Master Certification in Cybersecurity from Colorado State University along with more than 25 years of experience . Our IT department's experience included network and system security, backup and recovery strategies and software design and implementation. Areas of substantial experience also included IT audits and anti-phishing training, as well as server installation, configuration and administration.

Company Information